Short review of Sofia Coppola’s 2010 movie Somewhere. Unless I miss my mark, it’s the same movie as Lost in Translation?

RollerCoaster Tycoon, a classic game from 1999 is still worth dissecting for its performance to this day. First a quick primer on bit shifting (new to me—I’m used to high level languages!):

What the << operator does here [NewValue = OldValue << 2] is called bit shifting, meaning all the bits that store the value of the variable are shifted to the left, in this case by two positions, with the new digits being filled in with zeros. Since the number is stored in a binary system, every shift to the left means the number is doubled.

Since this is a lot faster than multiplication, Chris Sawyer decided to exploit this as much as possible:

The even more interesting point about those calculations, however, is how often the code is able to do this. Obviously, bit shifting can only be done for multiplications and divisions involving a power of two, like 2, 4, 8, 16, etc. The fact that it is done that often indicates that the in-game formulas were specifically designed to stick to those numbers wherever possible, which in most modern development workflows is basically an impossibility.

I do want to disagree with that last bit. Impossibility sounds too harsh. We can’t decide the requirements for stakeholders, but plenty of things aren’t as set in stone as they seem. It’s our job to nudge things in the right direction, so the result works with the grain of our programs.

I love digital tools that have some analog look or feel to them. (Speaking as an Excalidraw super user.) Going to have to find an excuse to use this beauty!

How to multiply your shipping cadence while using agents responsibly. Matthew Binshtok on the Vercel blog:

There is a fundamental difference between relying on AI and leveraging it.

• Relying means assuming that if the agent wrote it and the tests pass, it’s ready to ship. The author never builds a mental model of the change. The result is massive PRs full of hidden assumptions that are impossible to review because neither the author nor the reviewer has a clear picture of what the code actually does.
• Leveraging means using agents to iterate quickly while maintaining complete ownership of the output. You know exactly how the code behaves under load. You understand the associated risks. You’re comfortable owning them.

I’ve seen a lot of strong opinions about disclosing whether code in a PR was written by hand or generated by AI. I don’t really care. The author owns the code in the first place. The author and reviewer have a shared responsibility for what happens on production.

Putting your name on a pull request means “I have read this and I understand what it does.” If you have to re-read your own PR to explain how it might impact production, the engineering process has failed.

The litmus test is simple: would you be comfortable owning a production incident tied to this pull request?

Nicholas Carlini, a research scientist at Anthropic, reported at the [un]prompted AI security conference that he used Claude Code to find multiple remotely exploitable security vulnerabilities in the Linux kernel, including one that sat undiscovered for 23 years.

Nicholas was astonished at how effective Claude Code has been at finding these bugs:

We now have a number of remotely exploitable heap buffer overflows in the Linux kernel.

I have never found one of these in my life before. This is very, very, very hard to do.